package com.exp.security.web;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author zhangxj
 * @date 2025/1/10
 * @Description
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @PreAuthorize("hasRole('ADMIN') and hasRole('USER')")
    @GetMapping("/save")
    public String save() {
        return "user save";
    }

    @PreAuthorize("hasRole('USER') or hasRole('ADMIN')")
    @GetMapping("/list")
    public String list() {
        return "user list";
    }

    @GetMapping("/delete")
    public String delete() {
        return "user delete";
    }

    @GetMapping("/update")
    public String update() {
        return "user update";
    }




}
